The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms…
Category: Commentaries and Analyses
In yet another long gap to notification, a covered entity notifies patients of a May 2021 cyberattack
On May 5, 2021, Benson Health in North Carolina (formerly known as Benson Area Medical Center) discovered that it was the target of a cyberattack. According to their notification dated July 7, 2022, they immediately launched an investigation, engaged a law firm specializing in cybersecurity and data privacy, and engaged third-party forensic specialists to assist….
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Graham Cluley writes: Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them…
Inside The Russian Cybergang Thought To Be Attacking Ukraine—The Trickbot Leaks
Davey Winder reports: … I can exclusively report that threat intelligence specialist Cyjax has today published an in-depth analysis delving deep into the heart of the Trickbot cybergang. Months of painstaking research through hundreds of leaked documents has resulted in what is possibly the most comprehensive breakdown of a significant international cybercrime syndicate I’ve seen. Covering…
Ransomware attacks on educational institutions shoot up sharply: Sophos’ report
K.V. Kurmanath reports: …In the absence of proper cyber security shields and defence mechanisms, the number of ransomware attacks in this sector has gone up significantly, said a report by Sophos, a British-based security software and hardware company. “The ‘State of Ransomware in Education 2022’ finds that about 60 per cent of the education institutions…
Balancing Act: Understanding the Legal Implications of Post-Data Breach Public Statements
David Balser, a partner at King & Spalding, writes: When a company discovers that it has been a victim of a data breach, it is essential to act quickly. In particular, an issue of critical importance is when and how a breached company discloses the data breach to customers, business partners, regulators and the general…